Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
passport-ldapauth
Advanced tools
Passport authentication strategy against LDAP server. This module is a Passport strategy wrapper for ldapauth-fork
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
}));
If you wish to e.g. do some additional verification or initialize user data to local database you may supply a verify
callback which accepts user
object and then calls the done
callback supplying a user
, which should be set to false
if user is not allowed to authenticate. If an exception occured, err
should be set.
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
},
function(user, done) {
...
return done(null, user);
}
));
npm install passport-ldapauth
server
: LDAP settings. These are passed directly to ldapauth-fork. See its documentation for all available options.
url
: e.g. ldap://localhost:389
adminDn
: e.g. cn='root'
adminPassword
: Password for adminDnsearchBase
: e.g. o=users,o=example.com
searchFilter
: LDAP search filter, e.g. (uid={{username}})
. Use literal {{username}}
to have the given username used in the search.searchAttributes
: Optional array of attributes to fetch from LDAP server, e.g. ['displayName', 'mail']
. Defaults to undefined
, i.e. fetch all attributestlsOptions
: Optional object with options accepted by Node.js tls module.usernameField
: Field name where the username is found, defaults to username
passwordField
: Field name where the password is found, defaults to password
passReqToCallback
: When true
, req
is the first argument to the verify callback (default: false
):
passport.use(new LdapStrategy(..., function(req, user, done) {
...
done(null, user);
}
));
Note: you can pass a function instead of an object as options
, see the example below
var express = require('express'),
passport = require('passport'),
LdapStrategy = require('passport-ldapauth').Strategy;
var OPTS = {
server: {
url: 'ldap://localhost:389',
adminDn: 'cn=root',
adminPassword: 'secret',
searchBase: 'ou=passport-ldapauth',
searchFilter: '(uid={{username}})'
}
};
var app = express();
passport.use(new LdapStrategy(OPTS));
app.configure(function() {
app.use(express.bodyParser());
app.use(passport.initialize());
});
app.post('/login', passport.authenticate('ldapauth', {session: false}), function(req, res) {
res.send({status: 'ok'});
});
app.listen(8080);
Simple example config for connecting over ldaps://
to a server requiring some internal CA certificate (often the case in corporations using Windows AD).
var fs = require('fs');
var opts = {
server: {
url: 'ldaps://ad.corporate.com:636',
adminDn: 'non-person@corporate.com',
adminPassword: 'secret',
searchBase: 'dc=corp,dc=corporate,dc=com',
searchFilter: '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
searchAttributes: ['displayName', 'mail'],
tlsOptions: {
ca: [
fs.readFileSync('/path/to/root_ca_cert.crt')
]
}
}
};
...
Instead of providing a static configuration object, you can pass a function as options
that will take care of fetching the configuration. It will be called with a callback function having the standard (err, result)
signature. Notice that the provided function will be called on every authenticate request.
var getLDAPConfiguration = function(callback) {
// Fetching things from database or whatever
process.nextTick(function() {
var opts = {
server: {
url: 'ldap://localhost:389',
adminDn: 'cn=root',
adminPassword: 'secret',
searchBase: 'ou=passport-ldapauth',
searchFilter: '(uid={{username}})'
}
};
callback(null, opts);
});
};
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy(getLDAPConfiguration,
function(user, done) {
...
return done(null, user);
}
));
MIT
FAQs
LDAP authentication strategy for Passport
The npm package passport-ldapauth receives a total of 23,612 weekly downloads. As such, passport-ldapauth popularity was classified as popular.
We found that passport-ldapauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.